PT-2025-1132 · Ivanti · Ivanti Epm

Published

2025-01-13

Updated

2025-01-19

CVE-2024-13168

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Ivanti EPM versions prior to 2024 January-2025 Security Update Ivanti EPM versions prior to 2022 SU6 January-2025 Security Update

Description The issue is related to an out-of-bounds write that allows a remote unauthenticated attacker to cause a denial of service. This can be exploited by a remote attacker to disrupt service.

Recommendations For versions prior to 2024 January-2025 Security Update, apply the 2024 January-2025 Security Update. For versions prior to 2022 SU6 January-2025 Security Update, apply the 2022 SU6 January-2025 Security Update.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2025-00405

CVE-2024-13168

ZDI-25-035

Affected Products

Ivanti Epm

PT-2025-1132 · Ivanti · Ivanti Epm

CVE-2024-13168

Weakness Enumeration

Related Identifiers

Affected Products

References · 7